Assign user roles and groups - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Documentation

Product
Cortex XDR
Creation date
2024-03-06
Last date published
2024-11-13
Category
Administrator Guide
Abstract

Learn how to assign users to roles and user groups.

After activating your Cortex XDR tenant, you can start to manage user roles and permissions. Cortex XDR uses role-based access control (RBAC) to manage roles with specific permissions for controlling user access. RBAC helps manage access to Cortex XDR components and Cortex Query Language (XQL) datasets, so that users, based on their roles, are granted minimal access required to accomplish their tasks.

You can manage user roles from the following:

  • Cortex Gateway: Manage roles and permissions for multiple tenants linked to the same Customer Support Portal account.

    When you activate a tenant for the first time, users who were created in the Customer Support Portal will have access to the tenant, but will not have a role. The gateway is usually used to assign roles after the activation process. Roles and permissions are applied across all tenants and all Cortex products. You can exclude different tenants or different Cortex products. For more information, see Cortex Gateway Administrator Guide.

    Important

    Setting XQL dataset access permissions for a user role can only be performed from Cortex XDR Access Management. For more information, see Manage user roles.

  • Cortex XDR Access Management: Manage roles and permissions, and authentication settings for a specific Cortex XDR tenant only. For more information, see Manage user access.

Assign roles directly to users or create user groups and assign roles to those groups. We recommend creating user groups (with a user role), and assigning users to those user groups rather than creating direct roles for each user.

Perform additional tasks

For more information about additional tasks such as creating a custom role, modifying a user's role, or removing a user's role, see Manage user access or Cortex Gateway Administrator Guide.